]> git.karo-electronics.de Git - karo-tx-linux.git/commitdiff
nfsd: fix buffer overrun decoding NFSv4 acl
authorJ. Bruce Fields <bfields@citi.umich.edu>
Mon, 1 Sep 2008 18:51:02 +0000 (14:51 -0400)
committerGreg Kroah-Hartman <gregkh@suse.de>
Mon, 8 Sep 2008 11:44:32 +0000 (04:44 -0700)
commit 91b80969ba466ba4b915a4a1d03add8c297add3f upstream

The array we kmalloc() here is not large enough.

Thanks to Johann Dahm and David Richter for bug report and testing.

Signed-off-by: J. Bruce Fields <bfields@citi.umich.edu>
Cc: David Richter <richterd@citi.umich.edu>
Tested-by: Johann Dahm <jdahm@umich.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
fs/nfsd/nfs4acl.c

index b6ed38380ab805179f8354ab9454fc533e50da53..54b8b4140c8f6e32203363bd9b53e8aa2ed09f7e 100644 (file)
@@ -443,7 +443,7 @@ init_state(struct posix_acl_state *state, int cnt)
         * enough space for either:
         */
        alloc = sizeof(struct posix_ace_state_array)
-               + cnt*sizeof(struct posix_ace_state);
+               + cnt*sizeof(struct posix_user_ace_state);
        state->users = kzalloc(alloc, GFP_KERNEL);
        if (!state->users)
                return -ENOMEM;